Class OCSPVerifier
- java.lang.Object
-
- org.apache.synapse.transport.certificatevalidation.ocsp.OCSPVerifier
-
- All Implemented Interfaces:
RevocationVerifier
public class OCSPVerifier extends Object implements RevocationVerifier
Used to check if a Certificate is revoked or not by its CA using Online Certificate Status Protocol (OCSP).
-
-
Constructor Summary
Constructors Constructor Description OCSPVerifier(OCSPCache cache)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description RevocationStatuscheckRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert)Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.protected org.bouncycastle.cert.ocsp.OCSPRespgetOCSPResponce(String serviceUrl, org.bouncycastle.cert.ocsp.OCSPReq request)Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL.
-
-
-
Constructor Detail
-
OCSPVerifier
public OCSPVerifier(OCSPCache cache)
-
-
Method Detail
-
checkRevocationStatus
public RevocationStatus checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert) throws CertificateVerificationException
Gets the revocation status (Good, Revoked or Unknown) of the given peer certificate.- Specified by:
checkRevocationStatusin interfaceRevocationVerifier- Parameters:
peerCert- The certificate we want to check if revoked.issuerCert- Needed to create OCSP request.- Returns:
- revocation status of the peer certificate.
- Throws:
CertificateVerificationException
-
getOCSPResponce
protected org.bouncycastle.cert.ocsp.OCSPResp getOCSPResponce(String serviceUrl, org.bouncycastle.cert.ocsp.OCSPReq request) throws CertificateVerificationException
Gets an ASN.1 encoded OCSP response (as defined in RFC 2560) from the given service URL. Currently supports only HTTP.- Parameters:
serviceUrl- URL of the OCSP endpoint.request- an OCSP request object.- Returns:
- OCSP response encoded in ASN.1 structure.
- Throws:
CertificateVerificationException
-
-